Welcome, Guest. Please login or register.
Did you miss your activation email?
+  pfSense Forum
|-+  pfSense English Support» OpenVPN» Recent OpenSSL vulnerability
Username:
Password:
 
Home Help Search Login Register
 

Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Recent OpenSSL vulnerability  (Read 1390 times)
0 Members and 1 Guest are viewing this topic.
fatsailor
Newbie
*
Offline Offline

Posts: 7


View Profile
« on: April 19, 2012, 10:05:24 am »
Does anyone know if CVE-2012-2110 is a problem for us?

http://lists.grok.org.uk/pipermail/full-disclosure/2012-April/086585.html

It involves Integer overflows in certificate parsing so I presume it does......
Logged
jimp
Administrator
Hero Member
*****
Offline Offline

Posts: 12839



View Profile
« Reply #1 on: April 19, 2012, 01:03:05 pm »
From what I've heard, OpenVPN is vulnerable to that. If that turns out to be true, we'll probably roll out a 2.0.2 in the very near future.
Logged
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Donate to the project | My Wish List
jimp
Administrator
Hero Member
*****
Offline Offline

Posts: 12839



View Profile
« Reply #2 on: May 03, 2012, 11:38:04 am »
FreeBSD finally issued their own SA for OpenSSL... which is a bit scarier than the ones I'd read before:

http://security.freebsd.org/advisories/FreeBSD-SA-12:01.openssl.asc
Logged
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Donate to the project | My Wish List
wm408
Full Member
***
Offline Offline

Posts: 108


View Profile
« Reply #3 on: June 04, 2012, 12:39:22 pm »
Jimp,

     Can you make a howto on patching this? 
Logged
jimp
Administrator
Hero Member
*****
Offline Offline

Posts: 12839



View Profile
« Reply #4 on: June 04, 2012, 01:23:51 pm »
Step 1. Update to 2.0.2.
Step 2. There is no step 2.

:-)
Logged
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Donate to the project | My Wish List
wm408
Full Member
***
Offline Offline

Posts: 108


View Profile
« Reply #5 on: June 05, 2012, 05:33:51 pm »
Jimp...

I don't see 2.0.2 in the mirrors, or the firmware updater in the GUI.

What do you think?  Is it a development snap?

Thanks.

Quote from: jimp on June 04, 2012, 01:23:51 pm
Step 1. Update to 2.0.2.
Step 2. There is no step 2.

:-)
Logged
cmb
Administrator
Hero Member
*****
Online Online

Posts: 6045


View Profile WWW
« Reply #6 on: June 06, 2012, 01:24:34 am »
It's not available yet. That issue doesn't pose an imminent threat, we're working on testing the update.
« Last Edit: June 06, 2012, 01:30:57 am by cmb » Logged
pfSense Commercial Support

Paying customers receive support priority and as in depth of assistance as desired through the official commercial support channels at portal.pfsense.org. Forum users receive as much help as time permits.
wm408
Full Member
***
Offline Offline

Posts: 108


View Profile
« Reply #7 on: June 06, 2012, 04:19:41 pm »
Thanks!


Quote from: cmb on June 06, 2012, 01:24:34 am
It's not available yet. That issue doesn't pose an imminent threat, we're working on testing the update.
Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

 

Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Page created in 0.029 seconds with 20 queries.